Automotive Security Product Lead

About us     Founded in 2017, Wayve is the leading developer of Embodied AI technology.  Our advanced AI software and foundation models enable vehicles to perceive, understand, and navigate any complex environment, enhancing the usability and safety of automated driving systems. Our vision is to create autonomy that propels the world forward.  Our intelligent, mapless, and hardware-agnostic AI products are designed for automakers, accelerating the transition from assisted to automated driving.  In our fast-paced environment big problems ignite us—we embrace uncertainty, leaning into complex challenges to unlock groundbreaking solutions. We aim high and stay humble in our pursuit of excellence, constantly learning and evolving as we pave the way for a smarter, safer future. At Wayve, your contributions matter.  We value diversity, embrace new perspectives, and foster an inclusive work environment; we back each other to deliver impact.   Make Wayve the experience that defines your career!   The role As Automotive Product Security Lead at Wayve, you will define, mature, and operate the product security framework for Wayve’s automotive software activities. This spans our internal R&D fleet, robotaxi programme, and automotive software supplied to OEM customers, with assurance expectations applied proportionately to each context. You will help ensure Wayve can develop, assure, and supply automotive software that meets appropriate cybersecurity expectations from internal governance, customers, regulators, and external assessors. You will be trusted to determine what good looks like for automotive product security at Wayve, applying industry best practice with pragmatism and adapting it to our technology, risk profile, product maturity, and stage of growth. You will translate regulations, standards, customer expectations and risk assessments into clear, practical requirements and ways of working that product and engineering teams can apply effectively. This role sits within Security, but works in close partnership with product, engineering, safety, and customer-facing teams. This role sets standards, guides and advises, and assures implementation. Delivery teams apply the controls and processes, produce evidence and work products, maintain cybersecurity cases, and own residual risk. This is a senior individual contributor role with broad cross-functional influence. You will be hands-on in establishing expectations, reviewing work products, advising teams, assessing cybersecurity case credibility, and challenging or escalating where evidence or risk gaps are not being addressed. As the capability matures, you will help scale repeatable processes, templates, metrics, and assurance mechanisms that allow Wayve to move quickly while maintaining the rigour expected for automotive software. The role is advisory and assurance-focused in nature, providing oversight, challenge, and pragmatic guidance to the business while enabling product and engineering teams to meet automotive cybersecurity expectations without unnecessary friction. Key responsibilities Automotive Product Security Framework & Strategy Define and maintain Wayve's automotive product security framework, aligned to ISO 21434, ASPICE for Cybersecurity, and customer assurance expectations. Establish practical processes, templates, guidance, and minimum control expectations for automotive cybersecurity activities across R&D fleet, robotaxi, and customer software programmes. Programme Guidance & Coordination Act as the product security lead across automotive software activities, helping teams understand what security activities are required, when they are required, and what good evidence looks like. Coordinate product security activity across security, product, engineering, safety, and customer-facing teams to ensure dependencies, risks, and assurance needs are understood early. Cybersecurity Case Assurance Define the minimum expectations, structure, and quality bar for Wayve's automotive cybersecurity cases. Provide independent review of required work products, traceability and completeness, residual risk statements, and the overall credibility of the cybersecurity case. Assess whether the cybersecurity case provides a defensible argument that the relevant system or software is acceptably secure for its intended context. Product Security Risk Governance Establish mechanisms for product cybersecurity risk visibility, challenge, escalation, and decision-making across automotive programmes. Partner with risk owners to ensure residual product cybersecurity risks are clearly documented, treatment options are understood, remediation is tracked, and acceptance decisions are made by the appropriate accountable owners. Challenge and escalate where risk, evidence, or delivery gaps are not being addressed appropriately. Regulatory, Customer & OEM Readiness Translate automotive cybersecurity regulatory, standard